Best idea is to find the holes first, be polite , dont harm anything . leave a small message for sysadmin to contact you for a list of exploitable features.
You may not get alot of money this way, but you will make alot of favours and they are better than money.
